A major security breach has hit one of the most widely used liquidity locking platforms from the 2021 bull market. Attackers have drained approximately $7.3 million worth of assets from over 1,400 legacy liquidity pools on DxSale deployed on the BNB Chain. The incident has raised serious questions about the long-term safety of older DeFi infrastructure that many projects and investors had trusted for years as permanently locked.
Blockchain security firm PeckShield confirmed the large-scale drain, which targeted legacy liquidity locker contracts that were extensively used during the height of the previous market cycle.
🚨 BREAKING: @DxSale just drained ~$7.3M from OG @BNBCHAIN LPs
DxSale ran the largest liquidity locker of 2021. Hundreds of millions sat inside it. Even $SAFEMOON was locked here
The team is now mixing the funds through what looks like @anyswapbot, and funds are now untraceable pic.twitter.com/wYOv7LsIS0
— Tahax (@Tahax1) May 28, 2026
What Happened
The incident was first surfaced by on-chain researcher Tahax. According to detailed transaction analysis, the root cause was a silent ownership transfer of the legacy locker contract that occurred around 269 days ago. The attacker gained control and routed it through roughly 80 intermediate wallets to hide their tracks.
The primary attacker address 0xC457…FA69 which received funding from Bybit shortly before the exploit deployed a custom drainer contract and executed the following key actions:
- Drastically reduced or removed locking fees
- Backdated unlock timestamps all the way to the year 1970
- Withdrew LP tokens from more than 1,400 pools in a coordinated operation
- Swapped the stolen assets primarily into BNB
The attacker then transferred around 2,958 BNB (worth roughly $1.87 million) to intermediary wallets, which later deposited funds into multiple Binance addresses. Portions of the stolen liquidity were routed through cross-chain mixers, making full tracing difficult.
Deeper Concerns: Legacy Infrastructure Risk
This was not a traditional smart contract vulnerability but the result of retained administrative privileges on an unverified legacy contract. Community discussions suggest the backdoor may have been known and exploited selectively as early as August 2025, with individuals in Telegram groups reportedly advertising access to old DxSale locks.
DxSale Background
DxSale was a dominant liquidity locker during the 2021 bull run, widely used by hundreds of new token launches including high-profile projects like SafeMoon to lock LP tokens and assure investors that liquidity could not be pulled immediately. It played a key role in building initial trust for many memecoins and DeFi projects at the time.
This incident adds to the growing list of 2026 security events that expose weaknesses in older infrastructure, poor key management, and unrenounced administrative controls. on the BNB Chain. It comes after a recent exploit on the same network that drained roughly $187k from AM Token and Wukong staking contracts.
The bigger picture? In DeFi, locked liquidity is only as safe as the ownership model behind it. Proper verification, ownership renunciation, and ongoing monitoring are now essential, even for long-dormant contracts.
